Chat now with support
Chat with Support

Identity Manager 8.1.2 - Installation Guide

About this guide One Identity Manager overview Installation prerequisites Installing One Identity Manager Installing and configuring the One Identity Manager Service Automatic updating of One Identity Manager Updating One Identity Manager Installing and updating an application server Installing the API Server Installing, configuring, and maintaining the Web Portal Installing and updating the Manager web application Logging in to One Identity Manager tools Troubleshooting Creating a One Identity Manager database for a test or development environment from a database backup Advanced configuration of the Manager web application Machine roles and installation packages

Installing One Identity Manager components on a Windows terminal server

To install One Identity Manager tools on a Windows terminal server, you need to ensure that the Windows terminal server has been fully installed and configured. This includes profile handling in particular as well as permissions for Windows terminal server use.

NOTE: Ensure that in an Active Directory Domain, users also have relevant permissions to use the Windows terminal server self.

To install One Identity Manager components on a Windows terminal server:

  1. Log in with a user account that has administrator permissions on the Windows terminal server.

    Logging in using a console connection is recommended. Call this up with

    Start/Execute: mstsc /Console /v:<servername>

    where <server name> must be replaced with the server name of the terminal server (without leading "\").

  2. Open the command line console (CMD.exe) and switch the Windows terminal server into software installation mode with help of the command CHANGE USER /INSTALL.
  3. Start the installation wizard and install the One Identity Manager components as described.
  4. End the software installation mode on the Windows terminal server with the command CHANGE USER /EXECUTE in the command line console.

After the installation is complete, anyone who is an authorized Windows terminal server user can start the One Identity Manager tools and use them.

For more information about software installation on Windows terminal servers, refer to the Windows operating system documentation you are using.

Related topics

Installing and configuring a One Identity Manager database

To set up the One Identity Manager database, use the Configuration Wizard. The Configuration Wizard executes the following steps.

  1. Installs the One Identity Manager schema in a database.

    The Configuration Wizard can create a new database and install the One Identity Manager schema. Alternatively, the One Identity Manager schema can be installed in an existing database.

  2. Creates the required SQL Server logins and database users permissions for the administrative user, configuration user, and end user.
  3. Creates administrative system users and permissions groups.
  4. Encrypts the database.
  5. Installs and configures a One Identity Manager Service with direct access to the database for handling SQL processes and automatic server software updates.

NOTE: Additional steps are executed in One Identity Manager depending on the Edition and Configuration Wizard modules.

Additional steps are required to configure the One Identity Manager database following the schema installation:

  • Configure the database for a test, development, or live system.
  • Other system settings may be required for putting individual functions into operation in One Identity Manager.

    Use configuration parameters to configure the behavior of the system's basic settings. One Identity Manager provides default settings for different configuration parameters. Check the configuration parameters and modify them as necessary to suit your requirements.

    Configuration parameters are defined in the One Identity Manager modules. Each One Identity Manager module can also install configuration parameters. In the Designer, you can find an overview of all configuration parameters in the Base data | General | Configuration parameters category.

  • In certain circumstances, it is necessary to store encrypted information in the One Identity Manager database. If you did not encrypt the database when you installed with the Configuration Wizard, use the Crypto Configuration program to encrypt.
  • You can log changes to data and information from process handling in One Identity Manager. All entries logged in One Identity Manager are initially saved in the One Identity Manager database. The proportion of historical data to total volume of a One Identity Manager database should not exceed 25 percent. Otherwise performance problems may arise. You must ensure that log entries are regularly removed from the One Identity Manager database and archived.

    For more information about process monitoring and process history, see the One Identity Manager Configuration Guide. For more information about archiving data, see the One Identity Manager Data Archiving Administration Guide.

Detailed information about this topic
Related topics

Advice on setting up a One Identity Manager database

  • The following prerequisites must be fulfilled on the workstation from which you want to start the One Identity Manager database setup:

    • Installation of the Configuration Wizard

      Use the installation wizard to install the program. To do this, select the Workstation machine role and the Configuration installation package in the installation wizard.

    • Access to the installation sources

      NOTE: If you copy the installation files to a repository, you must ensure that the relative directory tree remains intact.

    • To ensure that HTML applications are successfully compiled, you must download packages from the NPM repository. Ensure that the workstation you are compiling on, can establish a connection to the registry.npmjs.org:443 website.

      Alternatively, you can download packages from a proxy server and install them manually.

  • An installation user with permissions for installing a One Identity Manager database must exist. For detailed information, see Users with granular permission for the One Identity Manager database on an SQL Server and Permissions for the One Identity Manager database in a managed instance in an Azure SQL Database.

  • It is not recommended to select a user with Windows authentication for installing the database. If you decide to use it anyway, ensure that your environment supports Windows authentication. You must use the same user to update the database.

  • If you want to install the One Identity Manager schema in an existing database, ensure that the database has the required settings. For more information, see Settings for the database server and the One Identity Manager database on a SQL Server and Database server settings and the One Identity Manager database in a managed instance in an Azure SQL Database.

  • For One Identity Manager databases on SQL Servers, it is recommended, on performance grounds that you set the database to the Simple recovery model for the duration of the schema installation.

  • Always start Configuration Wizard on an administrative workstation.

  • The program executes remote installation of One Identity Manager Service. Remote installation is only supported within a domain or a trusted domain.

  • If you start the Configuration Wizard on a server on which you also want to configure a One Identity Manager Service, simply skip the section for installing the service on the local server in the Configuration Wizard. Install the One Identity Manager Service with the installation wizard in this case. For more information, see Installing and configuring the One Identity Manager Service.

  • If you are working with an encrypted One Identity Manager database, see Advice on working with an encrypted One Identity Manager database.

Installing and configuring a One Identity Manager database

Important: Always start the Configuration Wizard on an administrative workstation. If you start the Configuration Wizard on a server on which you also want to configure a One Identity Manager Service, simply skip the section for installing the service on the local server in the Configuration Wizard.

To install a database in the Configuration Wizard

  1. Start the Configuration Wizard.

  2. On the Configuration Wizard home page, select the Create and install a database option and click Next.

  3. On the Create administrative connection page, execute the following steps to use an existing database.

    1. Enable the Advanced option.

    2. In the Advanced options pane, set the Use an existing, empty database for installation option.

    3. Enter the following connection data for the database.

      • Server: Database server.

      • (Optional) Windows Authentication: Specifies whether integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

      • User: SQL Server Login name of the installation user.

      • Password: Password for the installation user.

      • Database: Select the database.

    - OR -

    To install a new database, enter the following database connection data on the Create administrative connection page.

    • Server: Database server.

    • (Optional) Windows Authentication: Specifies whether integrated Windows authentication is used. This type of authentication is not recommended. If you decide to use it anyway, ensure that your environment supports Windows authentication.

    • User: SQL Server Login name of the installation user.

    • Password: Password for the installation user.

  4. If you are using an existing database, on the Create database page, Installation source view, select the directory containing the installation files.

    - OR -

    If you are creating a new database, perform the following tasks on the Create database page.

    1. In the Database properties view, enter the following information about the database.

      Table 17: Database properties
      Data Description

      Database name

      Name of the database.

      Data directory

      Directory in which the data file is created. You have the following options:

      • <default>: The database server’s default directory.

      • <browse>: Select a directory using the file browser.

      • <directory name>: Directory in which data files are already installed.

      Log directory

      Directory in which the transaction log file is created. You have the following options:

      • <default>: The database server’s default directory.

      • <browse>: Select a directory using the file browser.

      • <directory name>: Directory in which transaction log files are already installed.

      Memory tables directory

      Directory for data file group and database file for memory-optimized tables. You have the following options:

      • <default>: The database server’s default directory.

      • <browse>: Select a directory using the file browser.

      • <Directory name>: Directory in which data files for memory-optimized tables are already installed.

      Initial size

      Initial size of the database files. You have the following options:

      • <Default>: Default entry for the database server.

      • <custom>: User-defined entry.

      • Different recommended sizes: Depending on the number of employees being administrated.

    2. In the Installation source pane, select the directory with the installation files.

  5. On the Select configuration module page, select the configuration module .

    • If you started the Configuration Wizard from the install wizard, the configuration modules for the selected edition are already activated. Check the module selection in this case.
    • Select the configuration module at this point if you started the Configuration Wizard directly. Dependent configuration modules are selected automatically.
  6. On the Create a new login for administrators page, decide which SQL server login to use for administrative users. You have the following options:

    • Create new SQL Server logins for the database: Select this option if you want to set up a new administrative login on the SQL Server. Other SQL Server logins with permissions for system configuration and for end users are created after the database has been migrated.

      Enter the login name, password, and password confirmation for the new SQL Server login.

      NOTE: The password must meet the Windows policy requirements for passwords.

    • Use the current SQL Server login for the database: When you select this option, no additional SQL Server logins are created for the database. In this case, you cannot work with the granular permissions concept at SQL level. The user you specified is used to connect to the database.

      NOTE: If you want to switch to granular permissions at a later time, contact Support. To access the Support Portal, go to https://support.oneidentity.com/identity-manager/.

  7. Error that prevent processing the database are displayed on the Database check page. Correct the errors before you continue with the installation.

  8. The installation steps are shown on the Processing database page.

    Installation and configuration of the database are automatically carried out by the Configuration Wizard. This procedure may take some time depending on the amount of data and system performance. Once processing is complete, click Next.

    TIP: Set Advanced to obtain detailed information about processing steps and the migration log.

  9. On the Create SQL server logins page, enter the login name, the password, and password confirmation for the SQL Server logins for configuration users and end users.

    NOTE: The password must meet the Windows policy requirements for passwords.

  10. On the System information page, enter the customer information and create administrative system users for One Identity Manager.

    1. In the Customer information view, enter the full name of the company.

    2. In the System user view, configure the predefined administrative system users and enter your own administrative system users.

      • Enter a password and password confirmation for the predefined system users.

      • To create customer-specific system users, click the button and enter the name, password, and password confirmation.

      TIP: Use the <...> button next to the name of a system user to configure additional settings for that system user. You can also adjust these settings in the Designer at a later time.

    3. (Optional) Create custom permissions groups.

      The Configuration Wizard creates custom permissions groups, which you can use to define permissions for any custom schema extensions you require.

      • For non role-based login, the CCCViewPermissions and CCCEditPermissions are created permission groups. Administrative system users are automatically added to these permissions groups.

      • For role-based login, the CCCViewRole and CCCEditRole permission groups are created.

      To create additional permissions groups

      1. Enable the Advanced option and in the Permissions groups view, click the button.

      2. Enter the name for the permissions group. Label custom permission groups with the prefix CCC.

      3. For role-based permissions groups, enable the Role-based option.

  11. On the Enable database encryption page, select one of the following options:

    • Skip database encryption: The database is not encrypted. You can encrypt the database at later date using the Crypto Configuration program.

    • Enable database encryption: The database is encrypted in the next step.

      1. In the Private key field, enter the name of the key file.

      2. Click New and, using the file browser, select the where you want to store the key file.

      3. Click Save.

        This generates the key file (*.key). The file browser is closed. The path and file name are displayed under Private key.

      4. Confirm that you have saved the key file.

        Take the Advice on working with an encrypted One Identity Manager database into account.

  12. On the Service installation page, you can create a Job server for the server on which the One Identity Manager database is installed.

    NOTE: If you do not want to set up a Job server with the One Identity Manager Service at this stage, select the Skip service installation option.

    1. In the Installation data pane, enter the following data for installing the One Identity Manager Service.

      • Computer: Name or IP address of the server that the service is installed and started on.

      • Service account: User account data for the One Identity Manager Service.

        • To start the service under the NT AUTHORITY\SYSTEM account, set the Local system account option.

        • To start the service under another account, disable the Local system account option and enter the user account, password and password confirmation.

      • To change the install directory, names, display names or description of the One Identity Manager Service, use the other options.

    2. (Optional): Enable the Advanced option and enter the Installation account data.

      • To use the current user’s account, set the option Current user.

      • To use another user account, disable the Current user option and enter the user account, password and password confirmation.

    3. In the Machine roles pane, select the machine role for the service. The Job server machine role is defined by default. You can add more machine roles.

    4. (Optional) In the Configuration pane, check the One Identity Manager Service configuration. Enable the Advanced option.

      NOTE: The initial service configuration is predefined already. If additional changes need to be made to the configuration, you can do this later with the Designer. For more detailed information about configuring the One Identity Manager Service, see the One Identity Manager Configuration Guide.

    5. Click Next to start installing the service.

      Installation of the service occurs automatically and may take some time.

      NOTE: In a default installation, the service is entered in the server’s service management with the name One Identity Manager Service.

  13. On the last page of the Configuration Wizard, click Finish.

Related topics
Related Documents